EIP-2026-109274

This writeup describes multiple vulnerabilities in Mambo Open Source CMS, including XSS via 'return' and 'mos_change_template' parameters, and SQL injection via the 'id' parameter in pathway.php. The SQL injection is due to lack of input validation, resolved in later versions using intval().